Merge branch 'bugfix/remove_secure_boot_test_mode' into 'master'

remove secure boot test mode

See merge request idf/esp-idf!5059

components/bootloader/Kconfig.projbuild

@@ -505,16 +505,5 @@ menu "Security features"
 
                 Only set this option in testing environments.
 
-        config SECURE_BOOT_TEST_MODE
-            bool "Secure boot test mode: don't permanently set any eFuses"
-            depends on SECURE_BOOT_INSECURE
-            default N
-            help
-                If this option is set, all permanent secure boot changes (via eFuse) are disabled.
-
-                Log output will state changes which would be applied, but they will not be.
-
-                This option is for testing purposes only - it completely disables secure boot protection.
-
     endmenu  # Potentially Insecure
 endmenu  # Security features

components/bootloader_support/src/bootloader_utility.c

@@ -558,9 +558,10 @@ static void load_image(const esp_image_metadata_t* image_data)
     err = esp_secure_boot_permanently_enable();
     if (err != ESP_OK) {
         ESP_LOGE(TAG, "FAILED TO ENABLE SECURE BOOT (%d).", err);
-        /* Allow booting to continue, as the failure is probably
-           due to user-configured EFUSEs for testing...
+        /* Panic here as secure boot is not properly enabled
+           due to one of the reasons in above function
         */
+        abort();
     }
 #endif
 

components/bootloader_support/src/esp32/secure_boot.c

@@ -97,11 +97,7 @@ static bool secure_boot_generate(uint32_t image_len){
 /* Burn values written to the efuse write registers */
 static inline void burn_efuses()
 {
-#ifdef CONFIG_SECURE_BOOT_TEST_MODE
-    ESP_LOGE(TAG, "SECURE BOOT TEST MODE. Not really burning any efuses! NOT SECURE");
-#else
     esp_efuse_burn_new_values();
-#endif
 }
 
 esp_err_t esp_secure_boot_generate_digest(void)
@@ -183,7 +179,6 @@ esp_err_t esp_secure_boot_permanently_enable(void)
         efuse_key_write_protected = true;
     }
 
-#ifndef CONFIG_SECURE_BOOT_TEST_MODE
     if (!efuse_key_read_protected) {
         ESP_LOGE(TAG, "Pre-loaded key is not read protected. Refusing to blow secure boot efuse.");
         return ESP_ERR_INVALID_STATE;
@@ -192,7 +187,6 @@ esp_err_t esp_secure_boot_permanently_enable(void)
         ESP_LOGE(TAG, "Pre-loaded key is not write protected. Refusing to blow secure boot efuse.");
         return ESP_ERR_INVALID_STATE;
     }
-#endif
 
     ESP_LOGI(TAG, "blowing secure boot efuse...");
     ESP_LOGD(TAG, "before updating, EFUSE_BLK0_RDATA6 %x", REG_READ(EFUSE_BLK0_RDATA6_REG));
@@ -221,11 +215,7 @@ esp_err_t esp_secure_boot_permanently_enable(void)
         ESP_LOGI(TAG, "secure boot is now enabled for bootloader image");
         return ESP_OK;
     } else {
-#ifdef CONFIG_SECURE_BOOT_TEST_MODE
-        ESP_LOGE(TAG, "secure boot not enabled due to test mode");
-#else
         ESP_LOGE(TAG, "secure boot not enabled for bootloader image, EFUSE_RD_ABS_DONE_0 is probably write protected!");
-#endif
         return ESP_ERR_INVALID_STATE;
     }
 }